Hackers increase abuse of Google Ads platform to target users
Hackers have increased their abuse of the Google Ads platform to target users searching for popular software products.
Among the software products being impersonated include Grammarly, Slack, Dashlane, Audacity, ITorrent, AnyDesk, Libre Office, Teamviewer, Thunderbird, and more, reports Bleeping Computer.
“The threat actors clone the official websites of the above projects and distribute trojanised versions of the software when users click the download button,” the report mentioned.
The Google Ads platform helps advertisers promote pages on Google Search.
Read Also
Users looking for original software products on a browser without an active ad blocker are likely to click on malicious links “because it looks very similar to the actual search result”.
“The moment those ‘disguised’ sites are being visited by targeted visitors, the server immediately redirects them to the rogue site and from there to the malicious payload,” explained Guardio Labs.
Those rogue sites are practically invisible to visitors.
If Google detects that the landing site is malicious, the campaign is blocked and the ads are removed.
The malware payload, which comes in ZIP or MSI form, is downloaded from reputable file-sharing and code-hosting services such as GitHub, Dropbox, or Discord’s CDN.
“This ensures that any anti-virus programmes running on the victim’s machine won’t object to the download,” the report mentioned.
Guardio Labs recently observed a campaign where the threat actor lured users with a trojanised version of Grammarly. The malware was bundled with the legitimate software.
FacebookTwitterLinkedin
Hackers have increased their abuse of the Google Ads platform to target users searching for popular software products.
Among the software products being impersonated include Grammarly, Slack, Dashlane, Audacity, ITorrent, AnyDesk, Libre Office, Teamviewer, Thunderbird, and more, reports Bleeping Computer.
“The threat actors clone the official websites of the above projects and distribute trojanised versions of the software when users click the download button,” the report mentioned.
The Google Ads platform helps advertisers promote pages on Google Search.
Read Also
Users looking for original software products on a browser without an active ad blocker are likely to click on malicious links “because it looks very similar to the actual search result”.
“The moment those ‘disguised’ sites are being visited by targeted visitors, the server immediately redirects them to the rogue site and from there to the malicious payload,” explained Guardio Labs.
Those rogue sites are practically invisible to visitors.
If Google detects that the landing site is malicious, the campaign is blocked and the ads are removed.
The malware payload, which comes in ZIP or MSI form, is downloaded from reputable file-sharing and code-hosting services such as GitHub, Dropbox, or Discord’s CDN.
“This ensures that any anti-virus programmes running on the victim’s machine won’t object to the download,” the report mentioned.
Guardio Labs recently observed a campaign where the threat actor lured users with a trojanised version of Grammarly. The malware was bundled with the legitimate software.
FacebookTwitterLinkedin
Denial of responsibility! Techno Blender is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – [email protected]. The content will be deleted within 24 hours.